<?php
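session_start();

// Sign-in handler. Everything here runs before any output so the header() redirects can be sent.
//
// NOTE(review), security items that need changes outside this block:
//  - The database credentials below are hard-coded in a web-served source file. Move them to
//    configuration kept outside the document root and version control, and rotate the password.
//  - The query matches UserPassword against the submitted value, so the table evidently stores
//    passwords in plaintext. Store password_hash() output and verify with password_verify().
//  - ext/mysql (mysql_*) was removed in PHP 7. Port to mysqli or PDO with prepared statements;
//    it is kept here because included files may rely on the implicit default connection.
//  - The password is copied into $_SESSION["pword"] because the signed-in check below reads it
//    (other pages may as well). A boolean "authenticated" flag would avoid keeping the secret
//    in session storage.
//  - Credentials are read from $_REQUEST, so they are also accepted from the query string, where
//    they end up in server logs and browser history. The form itself posts them; consider $_POST.

// If a person is signed in and they still come to the signin page,
// redirect to their account page.
if (isset($_SESSION["username"], $_SESSION["pword"]) && $_SESSION["username"] != "" && $_SESSION["pword"] != "")
{
	header("location:manageAccount.php");
	exit; // without this the script keeps running and still renders the sign-in page
}
else if (isset($_REQUEST["pword"]))
{
	$host="mysql-user.cse.msu.edu"; // Host name
	$username="hewittry"; // Mysql username
	$password="A39777266"; // Mysql password
	$db_name="hewittry"; // Database name
	$tbl_name="AllUsers"; // Table name

	// Connect to server and select database.
	mysql_connect("$host", "$username", "$password")or die("cannot connect");
	mysql_select_db("$db_name")or die("cannot select DB");

	// Array-valued parameters (username[]=...) and a missing username are treated as empty
	// strings instead of being handed to the escaping function.
	$rawId = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : "";
	$rawPword = is_string($_REQUEST['pword']) ? $_REQUEST['pword'] : "";

	$lId = mysql_real_escape_string($rawId);
	$lPword = mysql_real_escape_string($rawPword);

	$query = "SELECT userType FROM $tbl_name WHERE LogonID	= '$lId' AND UserPassword = '$lPword'";
	$result=mysql_query($query);

	// mysql_query() returns false on failure; treat that as a failed sign-in.
	if ($result !== false && mysql_num_rows($result))
	{
		$row = mysql_fetch_assoc($result);
		switch($row["userType"])
		{
			case 1:
				$userType = "admin";
				break;
			case 2:
				$userType = "dealer";
				break;
			case 3:
				$userType = "regular";
				break;
			default:
				$userType = "";
				break;
		}

		// Issue a fresh session id at the privilege change so an id planted before login
		// (session fixation) does not become an authenticated session.
		session_regenerate_id(true);

		$_SESSION["username"] = $lId;
		$_SESSION["pword"] = $lPword;
		$_SESSION["usertype"] = $userType;

		// "redirect" is caller-controlled. Only follow it when it is a relative, same-site
		// reference; anything with a scheme or host, a leading "//", a backslash, whitespace or
		// control characters falls back to index.php. SQL escaping is not URL validation, so
		// mysql_real_escape_string() is no longer applied to it.
		// NOTE(review): assumes legitimate callers pass relative paths such as "page.php" - confirm.
		$url = "index.php";
		if (isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect']) && $_REQUEST['redirect'] !== "")
		{
			$candidate = $_REQUEST['redirect'];
			$parts = parse_url($candidate);
			if ($parts !== false
				&& !isset($parts['scheme'])
				&& !isset($parts['host'])
				&& strncmp($candidate, "//", 2) !== 0
				&& !preg_match('/[\x00-\x20\x7F\\\\]/', $candidate))
			{
				$url = $candidate;
			}
		}

		header("location:" . $url);
		exit; // do not render the sign-in form after a successful login
	}
}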

// Page identifier set before the shared header is pulled in.
// NOTE(review): presumably read by inc_header.php (e.g. to mark the active page) - confirm there.
$currPage = "signin";

include "inc_header.php"; ?>

	<div id="content">
		<h2><a href="#">Sign In</a></h2>
		<div class="clearfix">
			
			<?php
				// A "redirect" parameter is present when signin.php is reached with a return target
				// (presumably after being bounced from a protected page), so explain why the visitor
				// landed here. The message is a fixed string; nothing from the request is echoed.
				echo isset($_REQUEST['redirect'])
					? "<p style='color: red'>You must sign in or <a href='newUser.php'>sign up</a> to view that area of the website! What are you waiting for?</p>"
					: "";
			?>
		
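			<form name="form1" method="POST" action="signin.php<?php
				// "redirect" comes straight from the request and is written into an HTML attribute.
				// Echoing it raw lets a crafted link close the attribute and inject markup (reflected
				// XSS). urlencode() makes it a safe query-string value that PHP decodes back to the
				// same string on submit; htmlspecialchars() is kept as a second layer for the
				// attribute context. Array-valued input is ignored.
				if (isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect']))
				{
					echo "?redirect=" . htmlspecialchars(urlencode($_REQUEST['redirect']), ENT_QUOTES, 'UTF-8');
				}
			?>">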
				<table>
					<tr>
						<td style="vertical-align: top;">Username:</td>
						<td><input type="text" name="username" id="username" size="40" /><br /><br/></td>
					</tr>

					<tr>
						<td style="vertical-align: top;">Password:</td>
						<td><input type="password" name="pword" id="pword" size="40" /><br /><br/></td>
					</tr>

					<tr>
						<td style="vertical-align: top;">&nbsp;</td>
						<td><input type="submit" value="Submit" name="submit" id="submit" /></td>
					</tr>
				</table>
				<br /><br/>
			</form>
			<p>Don't have an account yet? <a href="newUser.php">Sign up now!</a></p>
		</div>

	</div>

<?php include("inc_footer.php"); ?>
